Software /
code /
prosody-modules
File
mod_block_registrations/mod_block_registrations.lua @ 5550:4fda06be6b08
mod_http_oauth2: Make note about handling repeated
RFC 6749 states
> If an authorization code is used more than once, the authorization
> server MUST deny the request and SHOULD revoke (when possible) all
> tokens previously issued based on that authorization code.
We should follow the SHOULD.
The MUST is already covered by removing the code state from the cache.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:10:46 +0200 |
parent | 5065:368bf9b06484 |
line wrap: on
line source
local st = require "util.stanza"; local nodeprep = require "util.encodings".stringprep.nodeprep; local block_users = module:get_option_set("block_registrations_users", { "abuse", "admin", "administrator", "hostmaster", "info", "news", "noc", "operator", "owner", "postmaster", "register", "registration", "root", "security", "service", "signup", "support", "sysadmin", "sysop", "system", "test", "trouble", "webmaster", "www", "xmpp", }); local block_patterns = module:get_option_set("block_registrations_matching", {}); local require_pattern = module:get_option_string("block_registrations_require"); function is_blocked(username) -- Check if the username is simply blocked if block_users:contains(username) then return true; end for pattern in block_patterns do if username:find(pattern) then return true; end end -- Not blocked, but check that username matches allowed pattern if require_pattern and not username:match(require_pattern) then return true; end end module:hook("user-registering", function(event) local username = event.username; if is_blocked(username) then event.allowed = false; return true; end end, 10);